Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8682

mongo tools do not support --sslPEMKeyFile or --sslPEMKeyPassword

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.5.3
    • Affects Version/s: 2.4.0-rc0
    • Component/s: Security, Tools
    • None
    • ALL

      If the mongod server is started with the --sslCAFile option (Certificate Authority file for SSL), it is impossible to connect to the server from the mongotools (mongodump, mongoexport, etc.).

      If a tool tries to connect, the server will log (as expected):

      Fri Feb 22 16:10:51.393 [conn3] ERROR: no SSL certificate provided by peer; connection rejected
Fri Feb 22 16:10:51.393 [conn3] SocketException handling request, closing client connection: 9001 socket exception [6]

      Workaround: run the mongod with --sslWeakCertificateValidation (allow client to connect without presenting a certificate). With this option, if a client presents a certificate, it must present a certificate that is valid by the CA. However, clients are allowed to successfully connect if they present no certificate at all.

      Fix: add support for these cmd line options.

            Assignee:
            sverch Shaun Verch
            Reporter:
            dan@mongodb.com Daniel Pasette (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: